Howard and Quanah,

I think I understand what you have told me, but I still do not
understand why my LDIF doesn't work. Thankfully my
environment is a test environment. I have another test environment that
differs from the first: I converted the first environment's database to an
mdb database, while the second is a default installation where the database
is hdb (default).

In the second environment, I can modify olcTLSCertificateFile,
olcTLSCertificateKeyFile and olcTLSCACertificateFile normally.
To modify the first environment:

   1. I stopped the slapd service;
   2. I got the olc configuration from the slapcat -n 0 command, like:
   slapcat -n 0 >> config.ldif;
   3. I added olcModuleLoad back_mdb on dn: cn=module{0},cn=config (I
   verified the olcModulePath and /usr/lib64);
   4. I modified on dn: olcDatabase={2}hdb,cn=config the following
   attributes:
      - dn: olcDatabase={2}hdb,cn=config to dn: olcDatabase={2}mdb,cn=config
      - objectClass: olcHdbConfig to objectClass: olcMdbConfig
      - olcDatabase: {2}hdb to olcDatabase: {2}mdb
      - structuralObjectClass: olcHdbConfig to structuralObjectClass:
      olcMdbConfig
      - And finally, I ran these two commands:
         - cat config.ldif | slapadd -v -F /etc/openldap/slapd.d -n 0
         - chown -R /etc/openldap/slapd.d (to solve the owner problem after
         running this command as root)

Note: I've set up the environment on CentOS 7, added Symas' repository and
installed from yum.

Is it possible I have done something wrong in the conversion process?

--
Igor Sousa


On Thu, Jul 11, 2019 at 22:56, Howard Chu <[email protected]> wrote:

> Quanah Gibson-Mount wrote:
> > --On Thursday, July 11, 2019 5:29 PM -0300 Igor Sousa <[email protected]> wrote:
> >
> >> I've tested your suggestion and the delete operation has worked fine, but
> >> I've still had the same problem described previously when I've tried to add
> >> a new olcTLSCertificateFile or a new olcTLSCertificateKeyFile or a new
> >> olcTLSCACertificateFile. I don't understand the reason for that.
> >
> > You're likely hitting ITS#8286 with the replace operations.  Another
> > idea may be to change replace to a delete+add in the same operation
> > sequence.
> >
> >
> > <https://www.openldap.org/its/index.cgi/?findid=8286>
> >
> > The details in the ITS aren't as fleshed out as they probably should be,
> > but if a configuration element is missing an EQUALITY matching rule, then
> > you generally cannot use a replace OP on them.
>
> That's not correct. A replace op always works. It is only [Delete/Add]
> value that requires an equality rule.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
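
The distinction Howard Chu draws in the quoted reply (a replace needs no equality rule; only adding or deleting a specific value does), as an added Python example that is not part of the original thread: it classifies each modification in an LDIF modify record accordingly. The `needs_equality` flag encodes only the rule as stated in the thread, the function name is hypothetical, and the sample record and file paths are constructed.

```python
# Added illustration, not code from the thread. Paths are constructed samples.
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/ca.pem
-
delete: olcTLSCertificateFile
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.pem
-
delete: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/old.key
"""

OPS = ("add", "delete", "replace")


def classify_modifications(ldif_text):
    """Return one dict per modification in a single LDIF modify record.

    Assumes unfolded, non-base64 lines (enough for file-path attributes).
    """
    results = []
    current = None
    for raw in ldif_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":                      # separator between modifications
            current = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if current is None and key.lower() in OPS:
            current = {"op": key.lower(), "attr": value, "values": []}
            results.append(current)
        elif current is not None and key.lower() == current["attr"].lower():
            current["values"].append(value)
        # dn: and changetype: lines are not modifications and are skipped
    for mod in results:
        # Per the thread: replace, and delete of the whole attribute, do not
        # compare values; add-value and delete-value do.
        by_value = mod["op"] == "add" or (mod["op"] == "delete" and mod["values"])
        mod["needs_equality"] = bool(by_value)
    return results
```

Running it over a change file before handing it to ldapmodify shows which modifications operate on specific values and which act on the attribute as a whole.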
